GRC Report Staff

CNIL Cracks Down on Data Protection Violations in 2024 With Record Fines & Compliance Orders

2024 was a year of growing momentum for the French National Commission on Informatics and Liberty (CNIL), as the watchdog took significant steps to ensure that businesses comply with data protection laws. With fines, compliance orders, and reprimands on the rise, the CNIL made it clear that GDPR violations would no longer go unchecked. The result? A year of record-breaking action in data privacy enforcement.

Apex Clearing Corporation Faces $3.2 Million Fine in FINRA Settlement

In a settlement with FINRA, Apex Clearing Corporation, a Dallas-based firm that provides clearing services for introducing broker-dealers, is paying a $3.2 million fine after being found in violation of securities lending regulations. While financial penalties are common in the industry, this case tells a much bigger story about trust, transparency, and accountability—issues that are increasingly at the heart of how financial services firms do business.

Italy's Data Watchdog Moves to Block DeepSeek AI Over Privacy Concerns

The Italian data protection authority has fired a warning shot at AI developers worldwide, blocking DeepSeek, a Chinese chatbot service, from processing data belonging to Italian users. The move adds yet another chapter to Europe's growing scrutiny of AI platforms and their compliance with strict privacy laws.

Grubhub Data Breach Exposes Customer & Driver Information in Third-Party Security Incident

Another day, another data breach—this time, it's Grubhub in the hot seat. The food delivery giant has disclosed a cybersecurity incident that compromised sensitive information belonging to customers, merchants, and drivers. The breach, linked to a third-party service provider, raises pressing concerns about supply chain security in the gig economy and highlights yet again how cybercriminals continue to exploit vulnerabilities in widely used platforms.

Japan's FSA Voluntary Code of Conduct Gains Ground in ESG Evaluation

Twenty-eight ESG evaluation and data providers had formally endorsed the "Code of Conduct for ESG Evaluation and Data Providers" as of December 31, 2024. This voluntary code, introduced by the Japanese Financial Services Agency (FSA) on December 15, 2022, is part of a broader effort to standardize and improve the transparency of ESG data and evaluation practices across the industry.

EU Deadline Lifts Critical AI Restrictions & Mandates Workforce Literacy

In August 2024, the European Union took a big step toward governing one of the most transformative technologies of our time by formally enacting the EU AI Act—the world’s first comprehensive regulatory framework for artificial intelligence. Now, as of Sunday, a critical deadline has passed, setting into motion provisions that are set to reshape how businesses develop and deploy AI.

EIOPA’s 2025 Risk Check: Stability Holds, but Market Uncertainty Looms

European insurers might not be in the eye of the storm, but they’re certainly navigating some choppy waters. The European Insurance and Occupational Pensions Authority (EIOPA) just released its latest Insurance Risk Dashboard, offering a snapshot of an industry that’s stable—at least for now—but not without its fair share of concerns. Market volatility and real estate price swings continue to cast shadows over an otherwise steady outlook, with liquidity and funding conditions tightening just enough to keep insurers alert.